author | Jung-uk Kim <jkim@FreeBSD.org> | 2015-03-25 18:56:36 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2015-03-25 18:56:36 +0000 |
commit | 01ed3ca3dedacaf3449a953e213dd462995c04fd (patch) | |
tree | f3c94d6e7589a2633e5c7f575000b0574934a9cb /lib/libfetch | |
parent | 04ca8f71be64f7ef9ce028d5d9173b510cf554cc (diff) | |
Remove defunct SSLv2 support from fetch(1) and fetch(3).
Notes
Notes:
svn path=/head/; revision=280630
Diffstat (limited to 'lib/libfetch')
-rw-r--r-- | lib/libfetch/common.c | 4 | ||||
-rw-r--r-- | lib/libfetch/fetch.3 | 8 |
2 files changed, 3 insertions, 9 deletions
diff --git a/lib/libfetch/common.c b/lib/libfetch/common.c
index eabea2b43c73..3095e06bfe02 100644
--- a/lib/libfetch/common.c
+++ b/lib/libfetch/common.c
@@ -672,9 +672,7 @@ fetch_ssl_setup_transport_layer(SSL_CTX *ctx, int verbose)
 {
 long ssl_ctx_options;
- ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_TICKET;
- if (getenv("SSL_ALLOW_SSL2") == NULL)
- ssl_ctx_options |= SSL_OP_NO_SSLv2;
+ ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET;
 if (getenv("SSL_ALLOW_SSL3") == NULL)
 ssl_ctx_options |= SSL_OP_NO_SSLv3;
 if (getenv("SSL_NO_TLS1") != NULL)
diff --git a/lib/libfetch/fetch.3 b/lib/libfetch/fetch.3
index 5b9f0db54936..53a4e424a834 100644
--- a/lib/libfetch/fetch.3
+++ b/lib/libfetch/fetch.3
@@ -26,7 +26,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 15, 2014
+.Dd March 25, 2015
 .Dt FETCH 3
 .Os
 .Sh NAME
@@ -441,10 +441,8 @@ By default allows TLSv1 and newer when negotiating the connecting with the remote peer. You can change this behavior by setting the
-.Ev SSL_ALLOW_SSL2
-and
 .Ev SSL_ALLOW_SSL3
-environment variables to allow SSLv2 and SSLv3, respectively, and
+environment variable to allow SSLv3 and
 .Ev SSL_NO_TLS1 ,
 .Ev SSL_NO_TLS1_1 and
 .Ev SSL_NO_TLS1_2
@@ -646,8 +644,6 @@ which proxies should not be used. Same as
 .Ev NO_PROXY , for compatibility.
-.It Ev SSL_ALLOW_SSL2
-Allow SSL version 2 when negotiating the connection (not recommended).
 .It Ev SSL_ALLOW_SSL3
 Allow SSL version 3 when negotiating the connection (not recommended).
 .It Ev SSL_CA_CERT_FILE |
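Review bot: The new unconditional `ssl_ctx_options = SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET;` in the common.c hunk carries no comment saying that `SSL_ALLOW_SSL2` is no longer consulted, so a reader or a script that still exports the variable has no in-code signal that it is now ignored; I would add `/* SSLv2 is always disabled; SSL_ALLOW_SSL2 is no longer honoured. */` above the assignment. The context lines that follow still let the process environment lower the protocol floor: `SSL_ALLOW_SSL3` skips adding `SSL_OP_NO_SSLv3`, an opt-in that fetch.3 in this same commit labels "not recommended", and the `SSL_NO_TLS1` check begins the switches for newer versions. If libfetch can be reached from programs that inherit an environment they do not control, it is worth confirming that this opt-in is still wanted. Whether the `verbose` argument is used to report the resulting options cannot be seen here, because the function body continues past the end of the hunk.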